Azure CDN WAF Policy
Introduction
Azure Content Delivery Network (CDN) Web Application Firewall (WAF) policies offer centralized protection against common web threats and vulnerabilities, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 risks. Monitoring CDN WAF is essential to ensure the ongoing health, performance, and effectiveness of these security policies across all configured CDN endpoints.
Getting Started
Compatibility
The Azure CDN WAF Policy O11ySource supports Azure CDN WAF Policy Services within standard lifecycle support.
Data Collection Method
Telemetry data for Azure CDN WAF Policy comprises various metrics that monitor event processing performance, resource utilization, and operational health. Our internal agent, deployed within the vuSmartMaps environment, collects these metrics using a pull method.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'azure' under the 'Definition' tab.
Inputs for Configuring Data Source
- Policy Name: Enter the policy name of the Azure CDN WAF.
- Resource ID: A unique identifier for the Azure resource.
- Credential: Client ID, Client Secret, Subscription ID and Tenant ID associated with the credential.
- Period (in seconds): Time interval for polling data from the Azure App Gateway. The period should be between 60 and 3000 seconds.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
| Source IP | Destination IP | Destination Port | Protocol | Direction | 
|---|---|---|---|---|
| vuSmartMaps IP | Azure Monitor IP | 443* | TCP | Outbound | 
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Health and performance metrics of Azure CDN WAF Policy are collected through the Azure Monitor service, so Azure Monitor must be enabled in your Azure account. Azure CDN WAF Services should have available instances for which monitoring is enabled.
An IAM role or user with the following permissions is required to access Azure Key Vault metrics through Azure Monitor:
- Grant the Azure AD application, for which you've obtained the Client ID and Client Secret, the "Reader" role or a custom role specifically assigned with the Microsoft.Insights/metrics/read permission.
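A least-privilege alternative to the built-in "Reader" role, as an added example that is not part of the original documentation: an Azure custom role definition that grants only the Microsoft.Insights/metrics/read permission named above. The role name, the description and the placeholder subscription and resource group in AssignableScopes are assumptions to be replaced with your own values.

```json
{
  "Name": "CDN WAF Metrics Reader (example)",
  "IsCustom": true,
  "Description": "Constructed example: read-only access to Azure Monitor metrics for the monitoring agent. Name and scope are placeholders.",
  "Actions": [
    "Microsoft.Insights/metrics/read"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
  ]
}
```

The definition can be created with `az role definition create --role-definition @role.json`. Assign the role to the Azure AD application at the narrowest scope that still contains the WAF policy, rather than at subscription level.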
Configuration Steps
- Enable the O11ySource.
- Select the sources tab and press the + button to add a new instance that has to be monitored.
- Provide the required configurations:
  - *Resource Name
  - *Period (in seconds)
  - *Credential
  - *Resource ID
- Click Save to close the data source window.
Metrics Collected
| Name | Description | Data Type | 
|---|---|---|
| @timestamp | Original timestamp of the agent in string format | String | 
| timestamp | Precise timestamp of the agent with milliseconds | DateTime64(3) | 
| resource_group | Resource group in Azure | String | 
| subscription_id | Azure subscription identifier | String | 
| resource_name | Name of the Azure resource | String | 
| name | Metric name of the Azure resource (e.g., capacity, requests, etc.) | String | 
| minimum | Minimum value of the metric over the period | UInt64 | 
| maximum | Maximum value of the metric over the period | UInt64 | 
| total | Total value of the metric over the period | UInt64 | 
| average | Average value of the metric over the period | Float64 | 
| namespace | Logical container that organizes and manages related resources | String | 
| count | Indicates the number of occurrences or events of a specific type within a given time frame. | UInt64 | 
| target | Refers to the specific Azure CDN WAF instance being monitored, accessed, or targeted for operations such as key retrieval, secret access, policy updates, or metric collection. | String | 
| resource_region | Specifies the Azure geographic location where the CDN WAF resource is deployed and hosted. | String | 
